Formal Parametric Polymorphism
Martín Abadi
Luca Cardelli
Pierre-Louis Curien
Digital Equipment Corporation Digital Equipment Corporation CNRSSystems Research Center Systems Research Center Ecole Normale Supérieure
Abstract
A polymorphic function is parametric if its behavior does not depend on the type at which it is instanti ated. Starting with Reynolds's work, the study of parametricity is typically semantic. In this paper, we de -velop a syntactic approach to parametricity, and a formal system that embodies this approach, called system
R . Girard’s system F deals with terms and types; R is an extension of F that deals also with relations be -tween types.
1. Explicit relations
A polymorphic function is parametric if its behavior does not depend on the type at which it is instanti -ated [Strachey 1967] . A function that reverses lists, for example, is parametric because it does not look at the types of the elements of the lists given as inputs. There are important non-parametric polymorphic functions, such as a print function that maps values of any type to text representations. With this caveat, it can be argued that “truly” polymorphic functions are parametric, and in any case it is the parametric poly-morphic functions that form the core of languages such as ML [Milner, Tofte, Harper 1989] .
Reynolds's work provides a precise counterpart to the informal definition of parametricity just given [Reynolds 1983; Ma, Reynolds 1991] . Reynolds's abstraction theorem concerns a language similar to Gi -rard’s system F [Girard, Lafont, Taylor 1989], and implies that the instances of a polymorphic function at different types behave in “re lated” ways. For example, let f be an expressible function of type ∀(X)X→X (the type of the identity func tion), and let f(A) and f(B) be its instantiations at types A and B, respectively. In this case, the theorem says that, for any relation S between A and B, if Üa,báÏS then Üf(A)(a),f(B)(b)áÏS. A bit of calculation reveals that the iden tity function is the only function with this property, so f must be the identity function. This is what Wadler would call a “theorem for free” [Wadler 1989] : a result about a func tion that is obtained by examin ing only its type, and not its code. Reynolds's results about his system sug -gest that, more generally, one should view a function as parametric if and only if its instances at related types behave in related ways.
In the preceding discussion, functions, types, and rela tions are all semantic objects. Reynolds's results concern the models of polymorphic languages, such as F, and only indi rectly their syntax. Similarly, Wadler’s free theorems concern semantic objects in these models, and do not immediately refer to the world of syntax, where they might serve in proving properties of programs.
In this paper we develop a syntactic approach to parametricity. This approach is embodied in an exten -sion of F, called R , where relations between types are constructed and treated formally. In R , the free theo-rems can be stated and proved in a logical framework and without reference to par ticular classes of models. Several of these free theorems come from Wadler’s work, and we hope that our detailed, formal treatment illuminates their proofs; others seem to be new and intriguing. Various metatheorems about R can also be obtained, for example a syntactic version of the ab straction theorem. In all cases our results are not limited to closed terms.
The study of R seems to help in clarifying the notions of parametricity and the properties of parametric models. Semantic explorations steer a difficult course between heavyweight categorical constructions and lightweight fuzzy explanations; in contrast, we use a precise, elemen tary syntax. With this syntax, it is pos -sible to formulate re sults and conjectures that relate the intuitive definition of parametricity (“types are not needed at run time”) with Reynolds's mathematical one.
The remainder of this introduction contains an informal technical introduction and a comparison with a few recent related works. Sections 2 and 3 introduce R , its theory, and then some of the free theorems. In the conclusions we discuss further work, briefly touching on the semantics of R . The appendix contains the complete set of rules of the system. It also describes a proof, due to Hasegawa, of the inconsistency of an earlier version of R .
1.1 Parametricity
As an introduction to parametricity and to R , we give an example: we prove that all parametric func -tions of type ∀(X)X→Bool are constant. (Here Bool is the type of booleans as encoded in F:
Throughout, we focus on total functions. All computations are assumed to terminate. It is well known that the interaction of recursion and parametricity is not entirely trivial, and clearly some strictness condi-tions should be added to the relacondi-tions we consider below in the presence of recursion.
At the very least, a function f in ∀(X)X→Bool maps values of any type to booleans. More precisely: (i) If A is a type and b has type A,
then f(A) maps b to a boolean.
The primary examples of functions that satisfy (i) are the constant functions whose instances map any input to ei ther true or false. But, in some models, there are additional functions that satisfy (i) and that may be considered as belonging to ∀(X)X→Bool, such as a function zero-p with in stances that always map 0 to true and any other input to false. It is hard to code these additional functions in such a way that a type-checker would accept them, and the resulting code requires the use of types at run time. Hence, none of these functions can be considered parametric. Only the constant functions remain.
The sort of discussion of parametric functions that we just went through, to exclude for example zerop, is vague and not entirely satisfactory; it depends on the use of par tic ular models and on implemen -tation intuitions. Reynolds's more satisfactory approach is based on relations between types. But before we discuss relations in general, it is con venient to introduce the per model [Longo, Moggi 1991] , which is based on special relations.
In per semantics, types are interpreted as pers, that is, as partial equivalence relations (symmetric and transitive rela tions on the universe of values). Intuitively, b and c are related by the type A if they are equal elements of A, and in particular b is related to itself if it is an element of A. For example, A may be the type of all records with a field n of type Nat, and b and c may be two records that have a field n with the value 3, but differ on other fields; in this case b and c are related by A. We write b[A]c for Üb,cá Ï A.
Given two pers A and B, the set of all functions from A to B is also represented as a per: f[A→B]g iff for all x, y, if x[A]y then f(x)[B]g(y)
That is, two functions are equal in A→B if they map inputs equal in A to results equal in B. Universal quantification is interpreted as intersection, with bound variables ranging over pers.
For example, in the language of pers, the condition for f to be in the type ∀(X)X→Bool is that f[∀(X)X→Bool]f. It follows that f(A)[A→Bool]f(A), for all A, and then:
(ii) If b and c are equal as elements of A, then f(A) maps b and c to the same boolean.
In the per model, the only functions of type ∀(X)X→Bool are the two obvious constant functions (but this does not follow from (ii) alone). When A is a record type, for instance, re quirement (ii) implies that f(A)(b) cannot depend on fields in b not shown in the definition of A.
Reynolds's work does not assume a per semantics, but his notion of parametricity can be seen as a strengthening of requirement (ii); in this example, it says:
(iii) If S is a relation between types A and B, with a in A, b in B, and S relating a and b, then f(A)(a) and f(B)(b) are equal booleans.
Requirement (ii) corresponds to the special case where A = B, and S is the identity relation on A.
Intuitively, as Reynolds suggests, we may think of A and B as two different representations of the same type, and of a and b as two different representations of the same value; then requirement (iii) means that the function f re spects representation abstractions and, for each input, f returns re sults independently of the representa tion of the input.
are in terpreted as ranging over arbitrary relations rather than over pers. For example, the relation (∀(X)X→Bool)* is ∀(W)W→Bool *, and (∀(X)X→Y)* is ∀(W)W→Y .
The general form of (iii) can now be stated:
An element of type A is related to itself by the associated relation A*.
Essentially, Reynolds's abstraction theorem says that all the functions expressible in F satisfy this property. Thus, ac cording to the abstraction theorem, if f is expressible with type ∀(X)X→Bool, then f must be re -lated to itself by ∀(W)W→Bool *. It follows that if A and B are two types and S is a relation between them, then f(A) and f(B) are re lated in S→Bool*, and so if S relates a and b it follows that Bool* relates f(A)(a) and f(B)(b), as stated in (iii).
With (iii), it is simple to prove that constant func tions are the only elements of the type considered: Let f be a function of this type, let A be a type, and let S be the rela tion between A and Bool that associates ev-ery element of A with true. Then f(A) and f(Bool) are related by S→Bool*, and if a is an element of A then f(A)(a) and f(Bool)(true) are related by Bool*, that is, f(A)(a) is equal to the fixed boolean f(Bool)(true), in-dependently of A and a. By exten sionality, f is one of the two constant functions. (The use of Bool and true is arbitrary; they can be replaced with any other closed type and closed term of that type.)
Reynolds's notion of parametricity is not limited to binary relations. We consider only binary relations for simplicity, and because they are powerful enough in deriving all the familiar consequences of para -metricity.
1.2 Formalizing parametricity
Reynolds's relational approach to parametricity lends itself to a syntactic treatment. System R provides such a treatment, based on judgments and rules in the style of those of F.
Three judgments generalize those of system F (described in the appendix): ∫ E E is a legal environment
E A B
∫ R R is a relation between types A and B in E
E
a : A b : B
∫ R R relates a of type A and b of type B in E
An equality relation on values is not needed. Instead of writing that b and c are equal in A, we can promote the type A to a relation A* (between A and A; intuitively, the identity relation) and write that A* relates b and c. As a consequence we write:
E
b : A A* c : A
∫ corresponding to the F judgment E b = c : A∫
The environments of R contain two sorts of assumptions, directly inspired by the corresponding ones for F environments:
X Y
W W is a relation variable between type variables X (domain) and Y (codomain)
x : A y : BR
Using these judgments, we now review some of the cen tral rules of R . We start with rules that imitate those of F for → and ∀.
The introduction and elimination rules for → are, re spectively:
E , x : A x’ : A’
b : B b’ : B’
E B B’ x b’ x’ b E
(x : A)b : A B (x’: A’)b’ : A’ B’
R S S
R S
∫ ∫ Ì
Ì
∫ λ
λ
→ →
→
E
b : A B b’ : A’ B’
E
a : A a’ : A’ E
b(a) : B b’(a’) : B’
∫ ∫
∫
→ →
→
R S R
S
These rules follow the same pattern as the F rules:
E, x : A b : B E (x : A)b : A B
∫
∫ λ →
E b : A B E a : A E b(a) : B
∫ ∫ ∫
→
The introduction rule says: Assume that if R relates x of type A and x’ of type A’, then S relates b of type B and b’ of type B’. Then R → S, a relation between A→B and A’→B’, relates the functions λ(x:A)b of type A→B and λ(x’:A’)b’ of type A’→B’. An extra hypothesis that S relates B and B’ is added to simplify our technical lemmas. The elimination rule works in the opposite direc tion, applying related functions to related arguments and obtaining related results.
The introduction and elimination rules for ∀ are:
E , X X’
b : B b’ : B’
X b’, B’, X’ b, B,
E
(X)b : (X)B (X’)b’ : (X’)B’
W S SS
(W)S
∫ Ì
Ì ∫ Ó Ó Ó λ λ E
b : (X)B b’ : (X’)B’
E C C’ E
b(C) : B{X C} b’(C’) : B’{X’ C’} ∫ Ó Ó Ó ∫ ∫ (W)S T
S{W ←T}←
←
These rules follow the same pattern as the F rules:
E , X b : B E (X)b : (X)B
∫
∫ Óλ
E b : (X)B E C E b(C) : B{X C}
∫ Ó ∫
∫ ←
The introduction rule says: Assume that if W is a relation between types X and X’, then S relates b of type B and b’ of type B’. Then ∀(W)S, a relation between ∀(X)B and ∀(X’)B’, relates the polymorphic terms
λ(X)b of type ∀(X)B and λ(X’)b’ of type ∀(X’)B’. Again, the elimination rule works in the opposite direc -tion: it applies two related polymorphic terms to related types, obtaining related instances.
The system has three rules for variables:
(Rel Val x y) E’ ,
x : A y : B
, E”
E’ , x : A y : B
, E”
x : A y : B
R ∫ ∫ R R R
(Rel Val ) E’ ,
x : A y : B
, E”
E’ , x : A y : B
, E”
x : A A* x : A
R R R x ∫ ∫
(Rel Val ) E’ ,
x : A y : B
, E”
E’ , x : A y : B
, E”
y : B B * y : B
Ry
∫
∫
R
R
The first rule is straightforward. The other two formalize our parametricity condition. For our example of section 1.1, these two rules imply that if a variable f has type ∀(X)X→Bool then f is related to itself by
∀(W)W →Bool *. From here we can apply the elimination rules for ∀and →, and obtain (iii). This kind of
reasoning is common in our examples of section 3. (In [Abadi, Cardelli, Curien 1993], we had adopted a different formalization of parametricity; it turned out to be inconsistent, see the appendix.)
The preceding rules, together with the rules of β and η conversion, form the core of the fragment of R
that deals with relations built from variables, →, and quantifiers. This basic system, called R 0, is sufficient
if F proves E a : A∫ then R 0 proves
E
a : A A* a : A ∫
This is a syntactic version of Reynolds's identity extension property. For closed terms, it can be proved without appeal to parametricity, that is, without using (Rel Val R x) or (Rel Val R y). We also obtain all F equalities:
if F proves E a = a’: A∫ then R 0 proves
E
a : A A* a' : A ∫
But R 0 is not very powerful without some additional methods for constructing relations. In fact, under the
encoding just suggested, R 0 is a conservative extension of F.
Until now, the relational constructions have followed closely the ordinary type constructions. In addi -tion we allow rela-tions defined from func-tions, obtaining a system called R 1:
E b : A B E a : A
E
a : A b b(a) : B
∫ ∫
∫ Ü á
→
E
a : A b c : B
E b : A B
E
b(a) : B B * c : B
∫ Ü á ∫
∫
→
where
E ∫ a : A is an abbreviation for
E a : A
A* a : A
∫ (and similarly for b).
With these rules, terms can be turned into relations: any function b from A to B can be seen as a rela -tion Übá between A and B, intuitively the graph of the function. The rules for functional relations have no analogue in F. Our formalism yields the results typically associated with parametricity only when we in clude rules for constructing functional relations. Functional relations are often useful for obtaining free the -orems; for the example of section 1.1, the relevant functional relation is a constant one, obtained from the function from A to Bool that maps any a in A to true.
One can easily imagine mechanisms for defining relations beyond taking the graphs of functions. We have not yet found examples where these mechanisms are needed.
1.3 Related work
By now there are many papers on semantic aspects of parametricity ([Bainbridge, et al. 1990; Hasegawa 1991; Ma, Reynolds 1991; Hasegawa 1992; Mitchell, Scedrov 1992], and others). On the other hand, the syntactic study of parametricity is rather new. Some recent work is re lated to ours.
Mairson advocated and developed a syntactic approach to parametricity in order to provide careful formal versions of some of Wadler’s theorems [Mairson 1991]. Mairson’s approach consists in translating a polymorphic language into a secondorder logic. Because the secondorder logic used is fairly weak, induc -tion arguments become necessary in some of the proofs; our proofs, like Wadler’s, do not rely on induc-tion. Mairson treated a system with implicit typing; this stands in contrast with our approach where types and re-lations are treated explicitly. The resulting formalisms have very different properties.
Cardelli et al. have defined F<:, an extension of F with subtyping [Cardelli, et al. 1991] . Curiously, the rules for F<: capture some aspects of parametricity, but they do not provide a full account of it.
Longo, Milsted, and Soloviev investigated para metricity in a system like F with just one new rule (a special case of one of the rules of F<:) [Longo, Milstead, Soloviev 1993] . The system is weaker than R , and leads to different sorts of results.
Finally, Plotkin and Abadi explore an alternative formalization of parametricity closer in spirit to Mair-son’s [Plotkin, Abadi 1993]. That paper describes a second-order logic with an axiom of parametricity; the logic is not an extension of system F, like R , but rather a logic about system F terms.
2. Formal parametricity
In this section we describe our formalization of parametricity. We aim at a hypothetical system that would be sufficient to prove all the desired parametricity properties of polymorphic programs. Our current approxi mations are called R 0 and R 1; they are treated in sections 2.1 and 2.2 respec tively.
The system R 0 is a rather weak system of pure relations with relational constructions induced by the
type construc tions of F. A number of technical lemmas can be proved for R 0, and these lead to several
in-teresting metatheorems. For ex ample, a suitable encoding of F in R 0 yields all F typings and F equalities. In
addition, R 0 is a conservative extension of F for typing and equality derivations. The abstraction theorem
and the identity extension property hold in R 0 but they are not very useful (as the conservativ ity result
indi-cates) without some additional means for constructing relations. Hence, we extend R 0 with functional rela
-tions, obtaining R 1. Relation ex pressions become dependent on value expressions, and the syntactic proper
-ties of the system become slightly more com plex. Fortunately, most R 0 metatheorems extend easily to R 1,
simply because R 0 deriva tions are also R 1 derivations. As a typing system, R 1 is still conservative over F,
but new equations are prov able.
Unless otherwise indicated, the proofs of this section are structural inductions on derivations. The proofs are long but not difficult, if carried out in the order of presentation of the claims. We point out the crucial dependencies.
2.1 Relational interpretation of system F (system
R
˚0˚)
We use ∫F
for derivations in F, and ∫R0
(or simply ∫ in this section) for derivations in R 0. Our for
-malization of system F is listed in the appendix; note the explicit form of the equality judgments ( E ∫F a = b : A
), which include type and environment information. The complete rules for system R 0 are
also listed in the appendix.
In section 2.1.1 we establish the most basic metaproperties of system R 0. In section 2.1.2 we relate typ
-ing in F with typ-ing in R 0. In section 2.1.3 we state more structural lemmas for R 0. In section 2.1.4 we
show the soundness and completeness of F equality in R 0, that is, we show that F and R 0 prove the same
equations. The main result of the section is theorem (Partial relational interpretation of F), which is split across sections 2.1.2 and 2.1.4. Remarkably, this theorem yields as corollaries both the abstraction theorem and the identity extension property.
2.1.1 Basic structural lemmas
Notation
¢ We write dom(E) for the domain of E, that is, the collection of all the variables introduced by an envi-ronment E.
¢ We use the following metavariables: x,y,z range over value variables; X,Y,Z range over type variables;
W, X range over relation variables; a,b,c,d range over value terms; A,B,C,D range over type terms; R ,S,T,U
range over relation terms; E ranges over environments.
¢ We write for the empty environment; we often omit this symbol.
¢ We use J to stand for either
A B
R or
a : A b : BR .
¢ By
J{ξ←τ} we indicate the substitution of τ for ξ in every component of J, where ξ can be one of
x,X,W, and τ can be one of a,A,R . Similarly, E{ξ←τ}, with ξÌ dom(E), indicates a substitution in every component of the environment E. Note though that J{X←R} may not be well-formed if J contains value terms.
¢ By
J ξξ1 ττ1
2 2 ← ← and
J ξ τ ξ τ ξ τ 1 1 2 2 3 3 ← ← ←
, where ξi are distinct, we indicate simultaneous substitutions per
-formed as above (and similarly for an environment E in place of J, with ξi Ì dom(E)). ¢ For a type A, the relation A* is defined inductively as follows:
X* @ X
(A→B)* @ A*→B*
(∀(X)B)* @ ∀(W)(B*{X←W })
¢ We use the following abbreviations in order to embed F notation in R :
E A E A A*
A
∫ @ ∫
E a : A E
a : A A* a : A
∫ @ ∫
∫ @E, X, E' E, ∫ X X'
E'
X ,
E, X, E' E, X X'
E'
∫ @J X , ∫ J where X, X’ are fresh
∫ @E, x : A, E' E, ∫ x : AA* x' : A
E' ,
E, x : A , E' E, x : A
A* x' : A
E'
∫ @J , ∫ J where x’ is fresh
We start our study of R with three basic structural lemmas:
Lemma (Renaming)
Assume x’,y’,X’,Y’,W’ Ì dom(E,E’)∪{x,y,X,Y,W }. Then:
¢
∫ ∫ E,X
Y
, E’ E, X’ Y’
, E'
X X’ Y Y’
W ⇒ W W ←←W
← ’ ’ ¢ E, X Y
, E’ E, X’ Y’ , E’ X X’ Y Y’ X X’ Y Y’
W ∫ ∫ J ⇒ W W ←←W J W W
← ← ← ← ’ ’ ’ ¢
∫ ∫ E,x : A y : B
, E’ E, x’ : A y’ : B
, E’ xy x’y’
R ⇒ R
{ }
←← ¢
E, x : A y : B
, E’ E, x’ : A y’ : B
, E’ xy x’y’ xy x’y’
R ∫ ∫ J ⇒ R ← J
←
{ }
←←
{ }
Moreover, the derivations of the conclusions can have the same size as the derivations of the assumptions.
(2) ¢
∫ Ì E,X
Y
, E’ ’
W ⇒ X, Y,W dom(E, E ), X, Y,W distinct
¢
∫ ∫ E,x : A Ì
y : B
, E’ E A B
’
R ⇒ R ∧ x, y dom(E, E ), x, y distinct
Lemma (Weakening)
Assume ∫ E, E” and dom(E")∩dom(E’)=. Then:
¢ ∫ ∫ E, E’ ⇒ E, E”, E’ ¢
E, E’ E, E”, E’ ∫ ∫ J ⇒ J
2.1.2 From F to R˚0 and from R˚0 to F (typing)
First, we show the conservativity of R 0 over F for typing. We need a definition for flattening an R envi
-ronment E into an F envi-ronment (E)F. The relation part of E is forgotten in (E)F:
Definition (Environment flattening)
¢ ( ) =
F
¢
E, X Y
= (E) , X, Y
F
F
W
¢
E, x : A y : B
= (E) , x : A, y : B
F
F
R
Theorem (Flattened F derivations from R derivations) or (Conservativity over F for typing)
(1)
∫ ∫ E (E)
F
⇒ F
(2)
E A B
(E) F A (E) F B
∫ ∫ ∫ R ⇒ F ∧ F
(3)
E
a : A b : B
(E) F a : A (E) F b : B
∫ ∫ ∫ R ⇒ F ∧ F
Conversely, there are several possible encodings of F in R 0 . To each type variable X, we associate a
fresh type variable X1 and a fresh relation variable X between X and X1. We proceed similarly for value
vari ables; for example, to each x of type A we may associate a fresh x1 of type A related to x by A*. This
enables us to map F environments to R 0 environments. Then, for each use of a type variable X in an F
judgment, there will be uses of X, X, or X1 in a corresponding R 0 judgment. We have some freedom in
choosing between X, X, and X1. We have a similar freedom in the choice of value variables. We can use
this freedom to provide several different encodings of F in R 0.
After some technical definitions, we present our most general encoding in theorem (Partial relational interpretation of F). We obtain two simpler encodings as corollaries.
Definition (Decorating variables)
Let Ξ be a set of type and value variable names. The translation: [-]n
decorates with a numerical subscript n every variable not belonging to Ξ but occurring free in an expres -sion. For exam ple:
[ (x : (Y)X Y) y(z)]1 (x : (Y)X Y) y(z )
{y}
1 1
λ ∀ → =λ ∀ →
We assume that variable decorations are always chosen so as not to introduce variable clashes.
Definition (Types as relations)
Let Ξ be a set of type and value variables. The translation [A]RΞ is defined as follows:
[X] = R X (X )
Ξ ∉Ξ
[X] = X R (X )
Ξ ∈Ξ
[A→B] = [A]R R →[B]R
Ξ Ξ Ξ
[ (X)B] = [B]
\{X}
∀ R ∀(X)
(
R)
Ξ Ξ
Thus, the translation transforms type quantifiers into relation quantifiers, and free type variables not belong -ing to Ξ into free relation variables. In particular, if E ∫ A and Ξ=dom(E), then
[A]R
Ξ is A*.
Definition (Environment decoration)
Let Ξ be a set of type and value variables and let E be an F environment. The translation
[E]1
Ξ
R is defined as
follows:
[ ] ∅ 1 = ∅
Ξ
R
[E, X] = [E] X X1
1 1
Ξ Ξ
R R, X
[E, x : A] = [E]
x : A [A] x : [A]1 1
1 1
Ξ Ξ Ξ
Ξ
R R, R
Theorem (Partial relational interpretation of F)
(1) ∫ F E, E’ ⇒
∫
R0
E, [E’]dom(E)
1
R
(2) E, E’ ∫ F A ⇒
E, [E’]
A [A] [A]
dom(E) dom(E)
1 dom(E) 0
1
R ∫R R
(3) E, E’ ∫ F a : A ⇒
E, [E’]
a : A [A] [a] : [A]
dom(E) dom(E)
1 dom(E)
1 dom(E) 0
1
R ∫R R
Note that the occurrences of E on the right of the implications are abbreviations for R environments, as de-fined in section 2.1.1.
Proof
The proof of this theorem (and of its continuation in section 2.1.4) is by induction on F derivations, for any division of environments into two parts, E and E’. In the proof of (3), the variable cases are settled using (Rel Val xR y) for variables in dom(E’), and using (Rel Val R x) for variables in dom(E).
M
Corollary (Relational interpretation of F)
(1) ∫ F E’ ⇒
∫
R0
[E’]
1
∅
R
(2) E’ ∫ F
A ⇒
[E’]
A [A] [A]
0
1 1
∅ ∅
∅
R ∫R R
(3) E’ ∫ F
a : A ⇒
[E’]
a : A [A] [a] : [A]
0
1 1
1
∅ ∅
∅ ∅
R ∫R R
Part (3) of this corollary is a syntactic version of Reynolds's abstraction theorem. It can be proved directly, and its proof does not require the use of parametricity (that is, the use of the rules (Rel Val R x) and (Rel Val R y)).
Corollary (Soundness of F in R˚)
(1) ∫ F E ⇒ ∫R0
E (2) E ∫ F
A ⇒ E A∫R0
(3) E ∫ F
a : A ⇒ E a : A∫R0
Part (3) of this corollary is a syntactic version of Reynolds's identity extension property. We refer to it by that name in the sequel.
We close this section with another lemma about flattening. Its proof is very similar to that of the theo-rem (Partial relational interpretation of F).
Lemma (R derivations from flattened F derivations)
(1) ∫ ∫E (E) A E A∫
F F
∧ ⇒
(2) ∫ ∫E (E) a : A E a : A∫
F F
∧ ⇒
Proof
We prove the statements (1) and (2) as instances of the following more general statements, which are proved as the corresponding statements (1)-(3) of the theorem (Partial relational interpretation of F): (1’)
∫ ∫E (E) , E’ ∫ E,[E’]
F F
dom(E) 0
∧ ⇒ R
1
R
(2’)
∫ ∫E (E) , E’ A E,[E’] ∫ [A]A [A]
F
F dom(E) dom(E)
1 dom(E) 0
∧ ⇒
1
R R R
(3’)
∫ ∫E (E) , E’ a : A E,[E’] ∫ [A]a : A [a] : [A]
F
F dom(E) dom(E)
1 dom(E)
1 dom(E) 0
∧ ⇒
1
R R R
M
2.1.3 Structural lemmas (continued)
Lemma (Rel Id)
E A B
E A E B
∫ ∫ R ⇒ ∧ ∫
Proof
From
E A B
0
∫R R
we derive
(E) F ∫ A
F
and
(E) F ∫ B
F
by theorem (Flattened F derivations from R deriva -tions), and conclude by lemma (R derivations from flattened F derivations).
M
Lemma (Type substitution)
Assume
E C D ∫ U. Then:
(1)
∫ ∫ E,X
Y
, E’ E, E’
X C Y D
W ⇒ W←←U
←
(2)
E, X Y
, E’ E, E’
X C Y D
X C Y D
W ∫ ∫ J ⇒ W←←U J W U
←
← ← ←
Proof
We mention only that the case (Rel W) requires lemma (Weakening), and that the case (Rel WX) requires lemma (Rel Id) in addition.
M
With similar proofs, we obtain:
Lemma (Rel Val Refl)
E
a : A b : B
E a : A E b : B
∫ ∫ R ⇒ ∧ ∫
Lemma (Value substitution)
(1)
∫ ∫ E, z : D z’ : D’
, E’ E, E’
U ⇒
(2)
E, z : D z’ : D’
, E’ A B
E, E’ A B
U ∫ ∫ R ⇒ R
(3)
E
d : D d’ : D’
E, z : D z’ : D’
, E’
a : A b : B
E, E’
a : A b : B
z d z’ d’
∫ ∫ U ∧ U R ⇒ ∫ R ←
Lemma (Implied judgments)
(3)
E
a : A b : B
E A B
∫ ∫ R ⇒ R
We conclude with some derived rules that generalize the R rules for β and η equivalence.
Lemma (Generalized beta/eta)
(Gen Beta) E ,
x : A x’ : A’
b : B b’ : B’
E
a : A a’ : A’
x b’, x’ b,
E
(x : A)b)(a) : B b’{x’ a’} : B’
E
b{x a} : B (x’: A' )b’)(a’) : B’
R S R SS
S S
∫ ∫ Ì
Ì
∫ ∫ (
←
← (
λ
λ
(Gen Beta2) E ,
X X’
b : B b’ : B’
E C C’
X b’, B’, X’ b, B,
E
(X)b)(C) : B{X C} b’{X’ C’} : B’{X’ C’}
E
b{X C} : B{X C} (X’)b’)(C’) : B’{X’ C’}
W S T SS
S{W T} S{W T}
∫ ∫ Ì
Ì
∫ ∫ ( ← ←
← ←
← ←
←
(λ ←
λ
(Gen Eta) E
b : A B b’ : A’ B’
x, x’ dom(E)
E
(x : A)b(x) : A B b’ : A’ B’
E
b : A B (x’: A’)b’(x’) : A’ B’ ∫ Ì
∫ ∫
→ →
→ → →
→
→ →
→
R
R R
S
S S
λ
λ
(Gen Eta2) E
b : (X)B b’ : (X’)B’
X, X’ dom(E)
E
(X)b(X) : (X)B b’ : (X’)B’
E
b : (X)B (X’)b’(X’) : (X’)B’ ∫
Ó Ó
Ó
Ì
∫
Ó Ó
Ó
∫
Ó Ó
Ó
(W)S
(W)S (W)S
λ
λ
2.1.4 From F to R˚0 and from R˚0 to F (continued)
In this section, we complete the material of section 2.1.2 by showing that the same equalities can be derived in F and in R 0 . We begin by extending the theorem (Partial relational interpretation of F) to equali
-ties.
Lemma (Environment redecoration)
Let ∫F E, E’. If E, E’ ∫R0 J
and no variables from the middle or bottom of E,E’ occur free in J, then
E, [E’]
dom(E) 0
1
R ∫R J.
Proof
Then E, E’
0
˜ ∫R ˜
J, and by weakening
E, [E’] , E’
dom(E) 0
1
R ˜ ∫R J˜.
Moreover, for every Xi in E' we have E,[E’] X X X dom(E) i i i 0 1
R ∫R by (Rel W X),
and for every xj:Aj in E' we have
E,[E’]
x : A A * x : A
dom(E) j j
j
j j
0
1
R ∫R by (Rel Val R x).
By repeated applications of (Type substitution) and (Value substitution) to
E, [E’] , E’
dom(E) 0
1
R ˜ ∫R J˜, elimi
-nating the variables of ˜E’ from left to right, we obtain:
E, [E’]
X X X X ’ X
x x x ’ x
dom(E) i i
i i i i j j j j 0 1
R ∫R J X˜
˜ ˜ ˜ ˜ ˜ ← ← ← ← ←
The bottom three sets of substitutions are vacuous by assumption. The top two sets of substitutions trans -form J˜ back into J.
M
Theorem (Partial relational interpretation of F)
(4) E, E’ ∫ F a = b : A ⇒
E,[E’]
a : A [A] [b] : [A]
dom(E) dom(E) 1 dom(E) 1 dom(E) 0 1
R ∫R R and
E,[E’]
b : A [A] [a] : [A]
dom(E) dom(E) 1 dom(E) 1 dom(E) 0 1
R ∫R R
Proof
The cases (Val Beta), (Val Beta2), (Val Eta), and (Val Eta2) are solved with the (Generalized beta/eta) lemma. We detail the case (Val Eq Trans). If E, E’ ∫ F
a = b : A and E, E’ ∫ F b = c : A , then, apply -ing (4) to
E, E’ ∫ F a = b : A with the splitting (E,E’),(∅)of E,E’, and to E, E’ ∫ F b = c : A with the splitting (E),(E’),
we get:
E, E’, [ ]
a : A [A] [b] : [A]
dom(E,E' ) dom(E,E' )
1 dom(E,E' ) 1 dom(E,E' ) 0 ∅ 1
R ∫R R
and
E, [E’]
b : A [A] [c] : [A]
dom(E) dom(E) 1 dom(E) 1 dom(E) 0 1
R ∫R R
The former can be written more simply
E, E’
a : A A b : A
0
∫R
*
so, by lemma (Environment redecoration) E, [E’]
a : A A
dom(E) 0
The conclusion
E, [E’]
a : A [A] [c] : [A]
dom(E) dom(E)
1 dom(E)
1 dom(E) 0
1
R ∫R R
follows by (Rel Val Saturation Lft). The other judgment relating c and [a]1 dom(E)
is proved similarly. M
Again, we obtain two interesting special cases:
Corollary (Relational interpretation of F)
(4) E’ ∫ F
a = b : A ⇒
[E’]
a : A [A] [b] : [A]
0
1 1
1
∅ ∅
∅ ∅
R ∫R R and
[E’]
b : A [A] [a] : [A]
0
1 1
1
∅ ∅
∅ ∅
R ∫R R
Corollary (Soundness of F in R˚)
(4) E ∫ F
a = b : A ⇒
E
a : A A b : A
0
∫R
*
The final theorem about R 0 is a conservativity result; it states that if two terms are related in R 0 by a
type, then they are provably equal in F modulo renamings of free variables. Some definitions are needed to express the necessary renamings:
Definition ( E , E©© ®®)
E© is the F environment built from the top part of the R environment E. Note that ∫R öûú ∫ ©
E EF
.
©
© ©
© ©
E, X Y
E , X E, x : A y : B
E , x : A
=
=
=
W R
E® is defined symmetrically from the bottom part of E.
Definition ( E , E‰‰ ÂÂ)
{E }⇓ is the substitution that replaces Y by X for each
X Y
W in E, and
replaces y by x for each
x : A y : B
R in E.
{E }⇑ is defined symmetrically.
Theorem (Conservativity over F for equality in R˚0˚)
∫R 0 E ⇒ ∫ F E {E }⇓ ∧ ∫F E {E }⇑
©
®
E A B
E {E } A{E }F E {E } B{E }F
∫R 0 ∫ ∫
R ⇒ ⇓ ⇓ ∧ ⇑ ⇑
©
E
a : A A* b : A
E {E } F (a = b : A){E } E {E } F (a = b : A){E }
∫R 0 ∫ ⇒ ⇓ ⇓ ∧ ∫
⇑ ⇑
©
®
For example, here is an instance of the third implication of the theorem:
X Y ,
x : X X y : X
x : X X y : X
(X, x : X){Y X, y x} (x = y : X){Y X, y x} (Y, y : X){X Y, x y} (x = y : X){X Y, x y}
F
F
W ∫ 0
∫ ∫
R ⇒ ← ← ← ←
← ← ← ←
that is:
X Y ,
x : X X y : X
x : X X y : X
X, x : X x = x : X Y, y : Y y = y : Y
F
F
W ∫ 0
∫ ∫
R ⇒
2.2 Functional relations (system
R
˚1)
In this section we use ∫R1
(or simply ∫ ) for derivations in R 1. The complete rules for system R 1 are
listed in the appendix. Since the rules of R 0 are included in R 1, we have:
Lemma (Transfer)
For every R 0 derivation there exists an R 1 derivation which has the same size and shape and the same
con-clusion.
The following R 0 results from section 2.1 extend to R 1 by uniformly replacing R 0 derivations by R 1
derivations in the statements: (Renaming), (Weakening), (Flattened F derivations from R derivations), (R
derivations from flattened F derivations), (Rel Id), (Type substitution), (Rel Val Refl), (Implied judgments), (Generalized beta/eta), (Partial relational interpreta tion of F), (Relational interpretation of F), and (Soundness of F in R ). The R 1 proofs use either straightforward extensions of the R 0 inductions, or the
(Transfer) lemma.
The value substitution lemma reads as follows in R 1:
Lemma (Value substitution)
Assume
E
d : D d’ : D’ ∫ U . Then:
(1)
∫ ∫ E,z : D z’ : D’
, E’ E, E’ z’z d’d
U ⇒
{ }
←←(2)
E, z : D z’ : D’
, E’ A B
E, E’ z’z dd’ A B
z d z’ d’
U ∫ ∫ R ⇒ ← R
←
{ }
←←
{ }
(3)
E, z : D z’ : D’
, E’
a : A b : B
E, E’ z’z d’d
a : A b : B
z d z’ d’
U ∫ ∫ R ⇒ ← R
←
{ }
←←
{ }
One of the conservativity results for R 0, (Conservativity over F for equality in R 0 ), does not extend to
R 1 . Many examples of new equalities are shown in section 3.
Counterexample (to strengthening)
One might expect a strengthening lemma to hold, as it does in F. Such a lemma would claim that if E,x:A ∫ J is provable and x does not occur in J, then E ∫ J is provable as well. As in calculi with empty types [Meyer, et al. 1990] this lemma fails in R 1.
As an example we show that
x : (X)X
true : Bool Bool * false : Bool
Ó ∫ but the consistency of R 1 disallows
∫true : BoolBool * false : Bool
(see section 4). This result can be attributed to the fact that ∀(X)X is provably initial, as stated in sec tion 3.
We start by introducing a functional relation, proving that
x : (X)X
Bool (y : Bool)true
Bool
Ó ∫ Üλ á. Furthermore
we have
x : (X)X
x(Bool) : Bool (y : Bool)true x(Bool) : Bool
Ó ∫ Üλ á by (Rel Val R x) and (Rel Val Appl2), and eliminating the functional
relation we obtain
x : (X)X
true : Bool Bool * x(Bool) : Bool
Ó ∫ . Similarly, we derive
x : (X)X
false : Bool Bool * x(Bool) : Bool
Ó ∫ . Finally,
by (Rel Val Symm) and (Rel Val Saturation Lft), we obtain
x : (X)X
true : Bool Bool * false : Bool
Ó ∫ .
3. Theorems for free, syntactically
In this section we illustrate the power of R 1 by carrying out formal proofs. The results given below
ap-ply to all terms, and not just to closed terms. In some cases, even the results for closed terms are somewhat difficult; Wadler’s work [Wadler 1989] includes a few interesting semantic results that can be read as re-sults about closed terms. In order to deal with open terms we do not use structural induction (like Mairson), but rather the rule (Rel Val R x) and the identity extension property (that is, part (3) of corollary (Soundness of F in R), see section 2.1.2). Throughout the section, the η rules are used heavily.
We begin with two simple examples in the first two subsections. Then we develop some general tech -nical tools in sections 3.3 through 3.5; the reader may prefer to skim these sections in the first pass. We formalize commuting squares of functions and the notion of extensional equality of relations. Furthermore, we show that covariant functors commute with functional relations. In section 3.6 we apply these tools to prove properties of the type of the map function. We also obtain a more substantial theorem about initial al -gebras in section 3.7: the F encoding of initial al-gebras for covariant functors is indeed initial. (Without parametricity assumptions, the encoding is weakly initial.) Similarly, we treat the encoding of products and coproducts in section 3.8. In section 3.9, we briefly discuss some applications of initiality (mainly to prop -erties of the type Nat). Finally, in section 3.10, we raise a conjecture that connects Reynolds's notion of parametricity with type erasures.
In many statements we make the superscripts explicit in ∫F
and ∫R1
, especially when a statement in-volves judgments of both systems. Superscripts are often omitted in proofs. A plain ∫ stands for ∫R1
. We use the abbreviations introduced in section 2 and summarized in the appendix.
3.1 A simple example
As a first example we generalize and formalize the reasoning of section 1 about the type
Proposition (Constant)
The type ∀(X)X→A (where X is not free in A) is isomorphic to A. That is, given E such that E ∫FA, there exist two terms i and j such that E ∫Fi: (∀(X)X→A)→A , E ∫Fj: A→(∀(X)X→A), and:
E, u : A
i(j(u)) : A A * u : A ∫R1
E, t : (X)X A
j(i(t)) : (X)X A ( (X)X A) * t : (X)X A
∀ → ∀ ∀ → →
∀ →
∫R1
where u and t are fresh.
Proof
First we observe that, by the soundness of F in R , E ∫FA implies E ∫ A, hence ∫ E,u:A. Define: j=λ(u:A)λ(X)λ(x:X)u
For each u, j(u) is a polymorphic constant function. Pick a closed type B and a closed term b such that ∫Fb:B (for example, B = ∀(X)X→X, b = λ(X)λ(x:X)x). By the soundness of F in R and weakening, we have E, X, z:X ∫ b:B. Now define:
i=λ(t: ∀(X)X→A)t(B)(b)
Two applications of the β rule yield:
E, u : A
i(j(u)) : A A* u : A
∫ .
The second result requires parametricity. We consider the constant function λ(z : X)b as a relation. We have
E, X
X (z : X)b
B
∫ Üλ á by (Rel FRel), hence
E, t : (X)X A X
t(X) : X A (z : X)b A*
t(B) : B A
∀ → →→
→
, ∫ Üλ á by (Rel Val R x) and (Rel Val Appl2). By functional-relation introduction (more precisely, by (Rel Val FRel Intro), (Rel Val Beta), and (Rel Val Satura tion Rht)) we have
E, X, x : X
x : X (z : X)b
b : B
∫ Üλ á. By (Rel Val Appl) it follows that
E, t : (X)X A, X X
, x : X x : X
t(X)(x) : A A* t(B)(b) : A
1 1 1
∀ → X X ∫ , where we have partially expanded the environment abbre
-viations. By the β rules, we can replace t(B)(b) with j(i(t))(X )(x )1 1 . We obtain:
E, t : (X)X A, X X
, x : X x : X
t(X)(x) : A A* j(i(t))(X )(x ) : A
1 1 1 1 1
∀ → X X ∫
and the second conclusion follows by (Rel Val Fun), (Rel Val Eta), (Rel Val Fun2), and (Rel Val Eta2). M
3.2
∀(X)X→Xcontains only the identity function
Proposition (Terminal)
E f : (X)X X E
f : (X)X X ( (X)X X) * id : (X)X X
F
∫ ∫∀ → ⇒ ∀∀ →→
∀ →
R1
Proof
By the theorem (Soundness of F in R ) and by the lemma (Value substitution), it suffices to prove:
z : (X)X X
z : (X)X X ( (X)X X) * id : (X)X X Ó
Ó Ó
Ó
→ →→
→
∫
Using (Rel FRel) we obtain
z : (X)X X, X, x : X
(X)X X (g : (X)X X)x
X
Ó → ∫Üλ ∀∀ →→ á.
Hence we derive:
z : (X)X X, X, x : X
z( (X)X X) : ( (X)X X) ( (X)X X) (g : (X)X X)x (g : (X)X X)x
z(X) : X X
∀ → ∀ ∀→ →∀ →→ → ∀∀ →→
→
∫ Üλ á Üλ á
by (Rel Val R x) and (Rel Val Appl2),
z : (X)X X, X, x : X
z : (X)X X (g : (X)X X)x
x : X
∀ → ∫ Üλ ∀∀ →→ á,
by (Rel Val FRel Intro), (Rel Val Beta), and (Rel Val Saturation Rht),
z : (X)X X, X, x : X
z( (X)X X)(z) : ( (X)X X) (g : (X)X X)x
z(X)(x) : X
∀ → ∫ ∀ Üλ →∀ →∀ á → .
by (Rel Val Appl), and
z : (X)X X, X, x : X
x : X X z(X)(x) : X
∀ → ∫
by (Rel Val FRel Elim). Furthermore, we have:
z : (X)X X, X X
, x : X x : X
z(X)(x) : X z(X )(x ) : X
1 1 1 1 1 1
∀ → X X ∫ X
by (Rel Val R x), (Rel W ), (Rel Val Appl2), (Rel Val xR y), and (Rel Val Appl); and by (Rel Val Saturation Lft) we derive:
z : (X)X X, X X
, x : X x : X
x : X z(X )(x ) : X
1 1 1 1 1 1
∀ → X X ∫ X
After using the β rules to equate x and id(X)(x), the conclusion follows as in proposition (Constant), with in addition an application of (Rel Val Symm).
3.3 Commuting squares as assumptions
The following three subsections develop tools that serve to formulate and prove theorems about the type of map (section 3.6) and about initial algebras (section 3.7). We first formalize in R 1 the assumption
that a square like the following commutes:
k t
t’ h
B A
B’ A’
→
→
↓
↓
Functional relations can be used to encode such an equational assumption. The commutation of the di -agram above can be expressed by the requirement that Ü ák →Ü áh relates t and t’. This is formalized in the following lemma, where we use “;” to denote the (encoding of) composition, setting t;h = λ(x)h(t(x)).
Lemma (Commuting squares)
Suppose that E t : B∫ F →A, E t’: B’∫ F →A’
, E k : B∫ F →B’, and E h : A∫ F →A’
. Then
E
t; h : B A’ (B A’) * k; t’: B A’
∫R1 →
→
→ if and only if
E t : B A
k h t’: B’ A’
∫R1 →
→ →
Ü á Ü á .
Proof
Let
E
t; h : B A’ (B A’) * k; t’: B A’
∫ →→
→ .
We claim:
E,
x : B k x’: B’
t(x) : A h t’(x’) : A’ Ü á ∫ Ü á
where x and x’ are fresh. By (Rel Val Saturation Rht) we may decompose the claim into three parts, all of them easy to check:
E,
x : B k x’: B’
t(x) : A h h(t(x)) : A’
Ü á ∫ Ü á
E, x : B
k x’: B’
h(t(x)) : A’ A’* t’(k(x)) : A’
Ü á ∫
E, x : B
k x’: B’
t’(k(x)) : A’ A’* t’(x’) : A’ Ü á ∫
From the claim we derive:
E
(x : B)t(x) : B A k h (x’: B’)t’(x’) : B’ A’ ∫ λ
λ
→ →
→
Ü á Ü á
and then by (Rel Val Eta), (Rel Val Saturation Lft), and (Rel Val Saturation Rht):
E
t : B A k h t’: B’ A’
∫ →→
→
Ü á Ü á .
Conversely, suppose
E
t : B A k h t’: B’ A’
∫ →→
→
Ü á Ü á , then by weakening, (Rel Val xR y), and (Rel Val Appl) :
E,
x : B k x’: B’
Using
E, x : B
k x’: B’
t’(k(x)) : A’ A’* t’(x’) : A’
Ü á ∫ we have
E, x : B
k x’: B’
t(x) : A h t’(k(x)) : A’
Ü á ∫ Ü á by (Rel Val Symm) and (Rel Val Saturation Rht), and by (Rel Val FRel Elim) we get:
E,
x : B k x’: B’
h(t(x)) : A’ A’* t’(k(x)) : A’ Ü á ∫
By weakening and renaming we also get:
E,
x : B B * y : B
, x : B
k x’ : B’
h(t(x )) : A’ A’* t’(k(x )) : A’
1
1
1
1
Ü á ∫ .
Notice that
E, x : B
B * y : B
x : B k k(x) : B’
∫ Ü á . We can use this to substitute into the judgment above, replacing x1 with x and (vacuously) x'1 with k(x), obtaining:
E,
x : B B * y : B
h(t(x)) : A’ A’* t’(k(x)) : A’ ∫
By assumption, we can equate x and y, to derive
E, x : B
B * y : B
h(t(x)) : A’ A’* t’(k(y)) : A’
∫ .
Finally we get
E
t; h : B A’ (B A’) * k; t’: B A’
∫ →→
→ using (Rel Val Fun).
M
3.4 Extensional equality
We define a notion of extensional equality between relations. This notion can be formally added to R 1 ,
or it can be left at the metalevel, as we do here. Intuitively, two relations are extensionally equal if they have the same graph, and they are extensionally inverses if the graph of one is the inverse of the graph of the other.
Definition (Extensional equality)
We say that R and S are extensionally equal, and we write:
E ∫ R =Ae S B
if
E, x: A
R
y: B ∫
x: A
S
y: B and
E, x: A
S
y: B ∫
x: A
R
y: B .
We say that R and S are extensionally inverses, and we write :
E ∫ A
R =e op
S
if
E, x : A y : B
y : B x : A
R ∫ S and
E, y : B x : A
x : A y : B
S ∫ R .
In both definitions we assume that x and y are fresh.
We state a few properties of extensional equality. The proofs of the first two lemmas are omitted.
Lemma (Transitivity of extensional equality)
E A = A’
, E
A = A’
E A = A’
e e e
∫ ∫ R R’ R’ R” ⇒ ∫ R R”
Lemma (Extensional congruence)
E A = A’
, E B = B’
E
A B = A’ B’
e e e
∫ ∫ R R’ S S’ ⇒ ∫ R →S →R’→S’
→
E, X X’
A = A’
E
(X)A ( ) = ( )
(X’)A’
e e
W ∫ ∫ R R’ ⇒ ∀W R∀ ∀W R’
∀ ( X∉A’,R R’, and X’ A,∉ R R’, )
Lemma (Identity relations)
E A E
A A* = (x : A)x
A
e
∫ ∫⇒ Üλ á
Proof
In one direction, we have
E, x : A
A* y : A
y : A
∫ by (Rel Val R y), and
E, x : A
A* y : A
y : A (x : A)x ( (x : A)x)y : A
∫ Üλ á
λ by (Rel Val
FRel Intro). Hence
E, x : A
A* y : A
x : A (x : A)x
y : A
∫ Üλ á follows by saturation, (Rel Val xR y), and (Rel Val Beta).
For the converse direction we use (Rel Val xR y) and (Rel Val FRel Elim) to obtain:
E,
x : A (x : A)x
y : A
( (x : A)x)x : A A* y : A Üλ á ∫ λ
hence, via (Rel Val Beta), we have
E, x : A (x : A)x
y : A
x : A A* y : A
Üλ á ∫ .
M
Lemma (Identity substitution)
E, X, E’ A E, X, E’
A
A* = A*{X (x : X)x } A
e
Proof
By induction on the structure of A, using lemmas (Identity relations) and (Extensional congruence). M
3.5 A commutation property
The third technical tool concerns covariant types. We say that a type A is covariant in X when X oc -curs only positively in A. For example, (X→Y)→X is covariant in X. Symmetrically, A is contravariant in X when X occurs only negatively in A (as Y in the type above). A type A depending on X (the other free variables being considered as fixed parameters) may be viewed as a map B ÷ïñ A{X←B} from types to types. When A is covariant in X, it determines a (covariant) functor, which associates with any h:B→B’ a term A{X←h} of type A{X←B}→A{X←B’}. When A is contravariant in X, it determines a contravariant functor, which associates with any h:B→B’ a term A{X←h} of type A{X←B’}→A{X←B}. We use the following notation:
If E ∫F a : A’→A
and E ∫F b : B→B’
, then a→b stands for:
λ(x : A→B) (y’: A’)b(x(a(y’)))λ which has type A
(
→B)
→(
A’→B’)
If E, X ∫F a : B→B’, then ∀(X)a stands for:
λ(x :∀( )X B) (X) a(x(X))λ which has type (∀( )X B)→ ∀( ( )X B’)
Definition (Types as functors)
Suppose that E, X ∫F A , where A is covariant or contravariant in X, and consider the environment E, Y, Y’, h: Y→Y’. We define A X{ ←h} as follows, by induction on A:
X{X←h}=h
Y{X←h}=λ(y : Y)y (Y≠X)
(A1→A2){X←h} = A X( 1{ ←h})→(A X2{ ←h}) (∀( )Y A1){X←h} = Y A X∀( ) 1{ ←h}
The next lemmas state that the substitution just defined yields well-typed terms and preserves identi-ties. We omit the proof of these lemmas, as well as the statement that A preserves compositions.
Lemma (Functor well-formedness)
If E, X ∫F A , where A is covariant in X, then, for Y, Y’, and h fresh: E, Y, Y’, h : Y→Y’ ∫ F A{X←h} : A{X←Y}→A{X←Y’} If E, X ∫F A , where A is contravariant in X, then, for Y, Y’, and h fresh:
E, Y, Y’, h : Y→Y’ ∫ F A{X←h} : A{X←Y’}→A{X←Y}
Lemma (Functors preserve identity)
If E, X ∫F A , where A is covariant or contravariant in X, then: E, X ∫ F A{X←λ(x : X)x} = (z : A)z : Aλ →A
Typically, in our proofs, we get relations of the form A*{X←Ühá} from an application of (Rel Val Appl2), while ÜA{X←h}á may be needed. The following lemma says that covariant functors commute with functional relations, so A*{X←Ühá} can be transformed into ÜA{X←h}á.
Lemma (Commutation of Ü-á)
E, Y, Y’, h : Y Y’
A{X B}
A*{X h } = A{X h} A{X B’}
e
→ ← ← ←
←
∫R1
Ü á Ü á
Assume E, X ∫F A , where A is contravariant in X, then, for Y, Y’, and h fresh:
E, Y, Y’, h : Y Y’
A{X B}
A*{X h } = A{X h} A{X B’}
e op
→ ← ← ←
←
∫R1
Ü á Ü á
Proof
We prove the first claim only, using an idea due to Plotkin. The second one is proved similarly. By theorem (Partial relational interpretation of F), we derive from the first claim of lemma (Functor well-formedness):
E, Y Y
, Y’ Y’
,
h : Y Y’ h : Y Y’
A{X h } : A{X Y } A{X Y’ } A*{X } A*{X } A{X h } : A{X Y } A{X Y’ }
1
2 1
2
1 1 1
2 2 2
1 1 1
2 2 2
Y Y ’ Y →→Y ’ Y Y ’
→
← ← → ←
← → ←
← ← → ←
∫
We use two different substitution instances of this judgment to establish the claim. First, by lemma (Commuting squares), and by weakening and value substitution, with Ühá for Y, Y’ for Y ’, h for h
1, and
Üλ(y’:Y’)y’á for h
2, we get:
E, Y, Y’, h : Y Y’
A{X h} : A{X Y} A{X Y’} A*{X h } A*{X Y’}
A{X (y’: Y’)y’} : A{X Y’} A{X Y’}
→ ← ← ←→ → ← ←
← ← → ←
∫ Ü á
λ
By lemma (Functors preserve identity) and the soundness of F equalities in R , we can replace A{X←λ(y’: Y’)y’} with λ(z : A{X←Y’})z:
E, Y, Y’, h : Y Y’
A{X h} : A{X Y} A{X Y’} A*{X h } A*{X Y’}
(z : A{X Y’})z : A{X Y’} A{X Y’}
→ ← ← ←→ → ← ←
← ← → ←
∫ Ü á
λ
By weakening, (Rel Val Appl), and (Rel Val Beta), we have:
E, Y, Y’, h : Y Y’,
x : A{X Y} A*{X h } x’: A{X Y’}
A{X h}(x) : A{X Y’} A*{X Y’} x’: A{X Y’}
→ ←←
←
← ←
← ←
Ü á ∫
and by functional-relation introduction:
E, Y, Y’, h : Y Y’,
x : A{X Y} A*{X h } x’: A{X Y’}
x : A{X Y} A{X h} x’: A{X Y’}
→ ←←
←
← ←
←
Ü á ∫ Ü á
Our second substitution instance is with Y for Y, Ühá for Y ’, λ(y:Y)y
f
or h1, and h for h2:
E, Y, Y’, h : Y Y’
A{X (y : Y)y} : A{X Y} A{X Y} A*{X Y} A*{X h }
A{X h} : A{X Y} A{X Y’}
→ ← ← → ← ←→ ←
← ← → ←
∫ λ Ü á
By a similar reasoning, and using (Rel Val R x), we get:
E, Y, Y’, h : Y Y’,
x : A{X Y} A{X h} x’: A{X Y’}
x : A{X Y} A*{X h } A{X h}(x) : A{X Y’}
→ ←←
←
← ←
← ←
Ü á ∫ Ü á
